rpm package
suse/rubygem-activesupport-4_2&distro=SUSE OpenStack Cloud Crowbar 9
pkg:rpm/suse/rubygem-activesupport-4_2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-22796 | — | < 4.2.9-7.15.1 | 4.2.9-7.15.1 | Feb 9, 2023 | A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts | ||
| CVE-2022-27777 | — | < 4.2.9-7.12.1 | 4.2.9-7.12.1 | May 26, 2022 | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | ||
| CVE-2020-8163 | — | < 4.2.9-7.6.1 | 4.2.9-7.6.1 | Jul 2, 2020 | The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. | ||
| CVE-2020-8165 | — | < 4.2.9-7.9.1 | 4.2.9-7.9.1 | Jun 19, 2020 | A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. |
- CVE-2023-22796Feb 9, 2023affected < 4.2.9-7.15.1fixed 4.2.9-7.15.1
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts
- CVE-2022-27777May 26, 2022affected < 4.2.9-7.12.1fixed 4.2.9-7.12.1
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
- CVE-2020-8163Jul 2, 2020affected < 4.2.9-7.6.1fixed 4.2.9-7.6.1
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
- CVE-2020-8165Jun 19, 2020affected < 4.2.9-7.9.1fixed 4.2.9-7.9.1
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.